The US National Security Agency (NSA) has infected hard disk firmware with spyware in a campaign that Kaspersky Lab rates alongside Stuxnet in sophistication and that dates back at least 14 years and possibly two decades, according to the firm's analysis. The campaign infected possibly tens of thousands of computers at telecommunications providers, governments, militaries, utilities and mass media organisations, among others, in more than 30 countries. Because the implant lives in the drive's own firmware rather than on its platters, it survives operating-system reinstalls and full-disk formatting. Note that Kaspersky's own report attributes the tooling to an actor it names the "Equation Group" rather than naming the NSA directly; the NSA attribution is The Register's. The link for this article located at The Register UK is no longer available. LinuxSecurity.com Team
The nation's new cybersecurity coordinator, Howard Schmidt, says the task of overseeing government-wide computer security has been "non-stop" in his first two weeks on the job. Following the December announcement of his appointment by President Obama, Schmidt immediately had a cybersecurity crisis on his hands: Google's disclosure of a cyber attack on its systems originating from within China. "I think everybody in the world who's in the security business is thinking about or working on that issue right now," Schmidt said in a brief interview at the Congressional Internet Caucus' annual State of the Net conference, where he gave his first public speech since taking office. Since meeting with President Obama a few weeks ago, Schmidt has been working with federal CTO Aneesh Chopra and federal CIO Vivek Kundra on the requirement for secure cloud computing architectures and other issues. Schmidt didn't offer a timeframe for when the White House would introduce a comprehensive cybersecurity strategy, but he hinted at where he might be looking to effect change. Schmidt pointed to supply chain management and education as weak links in cybersecurity. His priorities include developing an organized, unified response to attacks on American systems, fostering private-public partnerships, and addressing R&D needs. One of the main concerns expressed about Schmidt's position before he took office was that it carried no real budget authority, but Schmidt waves that aside. "I don't believe that if you don't have the budget authority, you can't affect change," he said, noting a recent groundswell of support from policy-makers for cybersecurity efforts. The link for this article located at Information Week is no longer available. Alex
Draft guidance from the National Institute of Standards and Technology, issued last week, pushes government agencies to adopt a comprehensive, continuous approach to cybersecurity, addressing criticism that federal cybersecurity regulations have placed too much weight on periodic compliance audits. The guidance, encapsulated in a draft revision to NIST Special Publication 800-37, will likely be finalized early next year. While federal agencies aren't required to follow all of its recommendations, NIST is officially charged with creating standards for compliance with the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements in government, so this guidance should at the very least be influential. As official statistics show attacks on the federal government continuing to rise, the Government Accountability Office and agency inspectors general have repeatedly found the federal government or particular agencies falling short of the spirit of FISMA, if not its letter. Meanwhile, critics have repeatedly found fault with either FISMA or its implementation in practice, saying that it doesn't do enough to ensure that government agencies remain consistently vigilant about cybersecurity. The link for this article located at Information Week is no longer available. Anthony Pell
The latest distributed denial-of-service (DDoS) attacks, which have knocked some U.S. and South Korean government websites offline, appear to be the work of a relatively unsophisticated attacker and not the actions of a state-sponsored professional, according to experts analyzing the traffic from the botnet behind the attacks. Experts say the methods used to conduct the DDoS attacks are so unsophisticated that there is a chance they could be traced back to an attacker. Still, some news reports have painted the DDoS attacks with a broad brush, calling them sophisticated and trumpeting them as cyberwar with North Korean ties. Others are citing security experts who are speculating on the attacker's intent. The link for this article located at Search Security is no longer available. Anthony Pell
The IT security of Australian Web-hosting providers has come under serious question, with more than 30 state and local government Web sites defaced in the last six months, including the homepages of two locally hosted foreign diplomatic missions and the highly sensitive NSW Casino Control Board. Information Computerworld obtained shows the Web site for the South African High Commission was defaced on January 20 2004, and the Solomon Islands High Commission on May 9 2004. The link for this article located at Arnnet.com is no longer available. Duane Dunston
The government's plan to pressure software vendors to build more secure products seems to be gathering a bit of momentum. A major part of the National Strategy to Secure Cyberspace, the idea involves using market pressures and the government's purchasing power to influence vendors' development practices. An important component of this plan is the National Information Assurance Partnership's Common Criteria testing program, which validates the security and reliability of a given product. The program is a partnership between the National Security Agency and the National Institute of Standards and Technology. NIAP has been around for a while, but until some government agencies began purchasing only NIAP-certified products whenever possible, it hadn't been a priority for many vendors. That may be changing. On Tuesday SuSE Linux AG and IBM announced that SuSE's flagship Enterprise Server 8.0 running on an IBM eServer xSeries box had received Common Criteria certification. This is a first for the open-source operating system, which has attracted both criticism and praise from the security community. The certification is seen as an important step in Linux's continued penetration of the government market. The link for this article located at eWeek is no longer available. Anthony Pell
The National Institute of Standards and Technology's Computer Security Division today released the draft of a new Federal Information Processing Standard, FIPS 199, which dictates how agencies should categorize their systems based on the security risk faced by each. The standard is the first step in several requirements generated by NIST under the Federal Information Security Management Act (FISMA) of 2002, all aimed at setting minimum security requirements for all government systems not related to national security. The draft defines three impact levels (low, moderate and high), assigned according to the potential impact of a breach in each of three areas: the confidentiality, integrity and availability of the information in the system. The link for this article located at FCW is no longer available. Anthony Pell
Senior government officials are studying the feasibility of dividing the next-generation Internet into a series of virtual private networks that could insulate critical national services, such as those provided by the Federal Aviation Administration (FAA) and the finance industry, from hackers and distributed denial-of-service (DDoS) attacks. Richard Clarke, national coordinator for security, infrastructure protection, and counterterrorism under both the Clinton and Bush administrations, raised the issue Tuesday at an invitation-only conference on Internet security sponsored by the Arlington, Va.-based Information Technology Association of America. According to Clarke, the increasing menace of DDoS attacks, as well as the reliance on the Internet by critical national services, including the electric power industry, the Defense Department, emergency services, and others, raises the question of whether the only way to ensure future reliability is to separate tho The link for this article located at InfoWorld is no longer available. Anthony Pell